|
Post by irenetheserene on Aug 11, 2004 11:16:52 GMT -6
Okay so I have spybot and I run it every few days. Every time I have the same intrusions which are considered high. I try to fix them but they don't erase. Even the ones I take out if I immediately rerun it after taking them off and they still show up again.
Irene
|
|
|
Post by Scrappy Amazon on Aug 11, 2004 13:42:41 GMT -6
Good question!!!!!!! Mine does the same thing. I assumed it was because I kept getting reinfected.
|
|
|
Post by Lesa on Aug 11, 2004 15:40:22 GMT -6
Hi, guys.
Can you list the intrusions here, so I can know what you're dealing with?
|
|
|
Post by Scrappy Amazon on Aug 11, 2004 16:11:00 GMT -6
I don't know about Irene but some of my worst ones are as follows:
Internet organizer Looksmart Clearsearch SearchandClick EZula Hot text
|
|
|
Post by irenetheserene on Aug 11, 2004 18:41:37 GMT -6
|
|
|
Post by Lesa on Aug 11, 2004 21:55:32 GMT -6
Scrappy, have you tried re-scanning immediately after scanning and before going anywhere else on the internet? If not, it might be a case of being reinfected like you said, picking up the same tracking cookies every time you visit the same sites.
Irene, your problem appears to be an Internet Explorer bug. If you have the latest security patches, this bug is supposedly harmless and can supposedly be ignored. However, you can still fix this by making some changes in your registry.
Go to Start > Run, type in regedit and click "ok". In the left pane, click on the [+] signs in the following order:
- HKEY_USERS
- S-1-5-18
- Software
- Microsoft
- CurrentVersion
- Internet Settings
- Zones
- 0
In the right pane, does 1004 say "REG_DWORD" for the type? If you double-click on 1004, what number does it say for the "Value data"?
|
|
|
Post by Scrappy Amazon on Aug 11, 2004 23:46:30 GMT -6
Thanks for your help. I think I figured out what the problem is. When I run the program it goes through the whole search for problems thing then it creates a restore point. Then I tell it to remove items. It gets to the end then stops running. I never paid close attention to it before. It stops responding and then XP shuts it down without finishing. I think my computer is just really screwed up from the get go. I'm starting to think the simplest answer is to just reformat my hard drive and start over. Prevent all this crap from getting in there in the first place. You wouldn't happen to know how to do that would you? Never mind I've bugged you enough. Thanks anyway. ;D
|
|
|
Post by Lesa on Aug 12, 2004 1:16:03 GMT -6
You're welcome. Just in case: Spybot stops responding
I hope your computer problems don't come down to reformatting your hard drive, because that would wipe out everything on it. It's possible that spyware could be screwing with your system, so you should try getting rid of that first. If the above link isn't the answer to your SpyBot problem, you could try reinstalling SpyBot or getting AdAware to try and remove the spyware.
Not quite related to your problem but another useful tip: www.rselby.com/spybotinst.htm This can prevent spyware from coming back upon reboot.
|
|
|
Post by Scrappy Amazon on Aug 12, 2004 1:28:35 GMT -6
Thanks a lot Le. I'm definitely trying that first thing tomorrow.
|
|
|
Post by Lesa on Aug 12, 2004 1:44:35 GMT -6
You're welcome, Scrappy. Let me know how it goes.
|
|
|
Post by irenetheserene on Aug 12, 2004 11:24:58 GMT -6
Gigs, There's no folder in MICROSOFT that is called "current version". That's where it stops. Now what? Irene
|
|
|
Post by Lesa on Aug 12, 2004 17:25:12 GMT -6
Oops, I left out "Windows." It should be:
* HKEY_USERS
* S-1-5-18
* Software
* Microsoft
* Windows
* CurrentVersion
* Internet Settings
* Zones
* 0
Sorry about that.
|
|
|
Post by irenetheserene on Aug 14, 2004 10:32:35 GMT -6
1004 says REG-SZ
When I double click on 1004: Value Name 1004 Value Data is blank
REG-DWORD is listed above 1004 for 1001
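
The manual check discussed above can also be done read-only from PowerShell, without opening regedit. This is an added example, not part of the original thread; it generalizes from the single value 1004 to every zone under the key, and it assumes that any value whose name is four hex characters (1001, 1004, ...) is a zone action setting that should be REG_DWORD.

```powershell
# Added example: read-only audit of Internet Explorer zone settings.
# Assumption: value names made of four hex characters (1004, 1001, ...) are
# zone action settings and should be REG_DWORD, as the thread expects for 1004.
# Nothing is modified; run from an elevated prompt so the hive is readable.

$sid   = 'S-1-5-18'   # account hive named in the thread (LocalSystem)
$zones = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"

function Get-ZoneValueTypeMismatch {
    param([string]$ZonesPath)

    if (-not (Test-Path -LiteralPath $ZonesPath)) {
        Write-Warning "Key not found: $ZonesPath"
        return
    }

    # Each subkey (0, 1, 2, ...) is one security zone.
    foreach ($zone in Get-ChildItem -LiteralPath $ZonesPath) {
        foreach ($name in $zone.GetValueNames()) {
            # Skip descriptive values such as DisplayName or Icon.
            if ($name -notmatch '^[0-9A-Fa-f]{4}$') { continue }

            $kind = $zone.GetValueKind($name)
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
                # Report the mismatch, e.g. a blank REG_SZ where a DWORD belongs.
                [pscustomobject]@{
                    Zone = $zone.PSChildName
                    Name = $name
                    Kind = $kind
                    Data = $zone.GetValue($name)
                }
            }
        }
    }
}

$bad = @(Get-ZoneValueTypeMismatch -ZonesPath $zones)
if ($bad.Count -eq 0) { 'All zone action values are REG_DWORD.' }
else { $bad | Format-Table -AutoSize }
```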
|
|
|
Post by Lesa on Aug 14, 2004 15:01:14 GMT -6
Ok, I wanted to make absolutely sure before telling you to edit your registry, because editing the wrong thing can cause some major problems. Before you do anything, you need to back up the affected registry keys. This link will tell you how.
After backing them up, you need to delete and recreate all the registry keys that are showing up on SpyBot. This link will tell you how to do it.
If you're not sure what you're doing, then either leave it be or have someone else do it for you, because editing the registry incorrectly can be far worse than leaving this particular exploit alone. If you do leave it alone, make sure you have the most recent Explorer security updates installed to protect you against these exploits.
|
|
|
Post by irenetheserene on Aug 14, 2004 21:06:49 GMT -6
Thanks gigs, Guess I'll have to let it alone. I don't want to go there. Irene
|
|
|
Post by Lesa on Aug 15, 2004 12:17:34 GMT -6
You're welcome. Spybot is working on a way to fix that exploit, so hopefully you won't have to wait too long anyway.
|
|
|
Post by Scrappy Amazon on Aug 18, 2004 20:51:03 GMT -6
I wanted to let you know that I reinstalled spybot and it seems to be working better. Although I must admit that some of my problems were caused by my infinite lack of patience. I'm still having problems but I suspect that has more to do with excess software. So I want to say thanks for helping.
|
|
|
Post by Melodic Mistress on Aug 18, 2004 23:48:47 GMT -6
Wow, that's amazing... we must be sharing china patterns or something..
Because I was encountering this same little bugger on my spybot as well...
Thanks for clearing up the mystery behind it all!
~Jessi
|
|
|
Post by Lesa on Aug 19, 2004 1:17:15 GMT -6
You're both very welcome. I don't know if it happens with all SpyBot users, but it appears to be common among them. From what I can gather, SpyBot finds something that might be a threat, then changes the registry in an attempt to fix it, only to fail. People who have run into this problem have tried fixing it with AdAware and HijackThis, but the only solution seems to be to edit the registry manually.
Are you saying these programs run themselves when you boot up the computer? If so, I can help you fix that. If not, please clarify. Programs can run in the background without your knowledge. If you press [Ctrl]+[Alt]+[Delete], you can view what "Applications" are running. I had a co-worker who had this problem once and it kept crashing her computer while she was trying to type up a college assignment.
|
|
|
Post by Scrappy Amazon on Aug 19, 2004 1:30:46 GMT -6
I have done the CTL+ALT+DEL thing but the problem is that there are some that won't let me remove them. Lycos for instance. At least Internet Organizer stopped hijacking my web browser and emails. Honestly there is a whole lot of s**t that is on there that I can't get rid of. Wish I could figure out who to sue. Isn't this something akin to Invasion of Privacy, or Destruction of Private Property?
|
|
|
Post by Lesa on Aug 19, 2004 2:02:21 GMT -6
Selecting one of them and clicking "end task" doesn't work? Have you tried taking the shortcuts out of the startup folder? (Don't try this if you don't know what you're doing.)
|
|
|
Post by Scrappy Amazon on Aug 19, 2004 2:10:43 GMT -6
These things are not listed in the task manager. They are listed in my Add/Remove section. You would not believe the things I've tried.....I think some of my uninformed meddling has made things worse. I've resigned myself to a slow but semi-functioning computer. I'm afraid to try anything else without knowing exactly what is going to happen. At some point I'm going to just wipe my hard drive and start over. But only when it gets really bad. Thanks for all your help though. ;D
|
|
|
Post by Lesa on Aug 19, 2004 17:45:13 GMT -6
If they're not in your task manager under "Applications," they're probably still listed under "Processes" like my Yahoo and MSN Messengers, for example. But looking at running processes, it's not always easy to tell what's what.
If the Lycos you are referring to is Lycos "sidesearch", try this: Remember to back up that part of your registry first!
|
|
|
Post by Scrappy Amazon on Aug 20, 2004 22:50:40 GMT -6
Honestly I think I'm a little too chicken to try that. But infinite thank yous anyway.
|
|
|
Post by Lesa on Aug 22, 2004 11:35:53 GMT -6
You're welcome. It's understandable if you don't want to mess with the registry, because changing the wrong thing could make your problem worse. If you know someone who is good with that stuff, though, you might want to ask them to do it.
|
|